Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2017-9674

    In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user.... Read more

    Affected Products : simplece
    • EPSS Score: %0.28
    • Published: Jun. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.4

    CRITICAL
    CVE-2017-9630

    An Improper Authentication issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all ve... Read more

    • EPSS Score: %0.20
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-8776

    Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defen... Read more

    • EPSS Score: %0.24
    • Published: May. 04, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-9560

    The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : cayuga_lake_national_bank
    • EPSS Score: %0.12
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9528

    IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000000f53.... Read more

    Affected Products : irfanview fpx
    • EPSS Score: %0.34
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-9479

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonst... Read more

    • EPSS Score: %2.34
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9204

    The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c.... Read more

    Affected Products : imageworsener imageworsener
    • EPSS Score: %0.40
    • Published: May. 23, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2017-9139

    There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seco... Read more

    • EPSS Score: %0.11
    • Published: May. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-0863

    An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950620.... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-8864

    Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demonstrated by a client-side "if (!passwordsAreEqual())" t... Read more

    Affected Products : 3960hd_firmware 3960hd
    • EPSS Score: %0.65
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-8199

    MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of ... Read more

    • EPSS Score: %0.23
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-3149

    Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before 01.06.02 allow remote attackers to execute arbitrary code via unspecified vectors.... Read more

    • EPSS Score: %14.22
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-1914

    Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevi... Read more

    Affected Products : blackberry_enterprise_service
    • EPSS Score: %3.18
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-7055

    There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and ... Read more

    Affected Products : openssl node.js
    • EPSS Score: %12.39
    • Published: May. 04, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-10135

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerabili... Read more

    • EPSS Score: %0.26
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-10333

    Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: EAI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise... Read more

    Affected Products : siebel_ui_framework siebel_crm
    • EPSS Score: %0.28
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-11777

    Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how Sha... Read more

    Affected Products : sharepoint_enterprise_server
    • EPSS Score: %0.86
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12896

    The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().... Read more

    • EPSS Score: %2.06
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 5.1

    MEDIUM
    CVE-2017-17556

    A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys.... Read more

    Affected Products : synaptics_touchpad_driver
    • EPSS Score: %0.13
    • Published: Dec. 15, 2017
    • Modified: Apr. 20, 2025

  • 8.2

    HIGH
    CVE-2017-3325

    Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: EAI). The supported version that is affected is 16.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel... Read more

    Affected Products : siebel_ui_framework
    • EPSS Score: %0.75
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292425 Results